package com.wiwf.model.security.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * @author kehui
 */
@RestController
@RequestMapping("sys/user")
public class SysUserController {

	@RequestMapping("/public")
	public String pub() {
		return "Hello , this is public api";
	}
	
	
	// --------------------------- 拥有某角色
	
	@PreAuthorize("hasAnyRole('visitor')")
	@RequestMapping("/")
	public String userApi() {
		return "Hello , this is user api";
	}
	
	@PreAuthorize("hasAnyRole('root')")
	@RequestMapping("/admin")
	public String userAdminApi() {
		return "Hello , this is admin api";
	}
	
	
	// --------------------------- 拥有某权限
	
	@PreAuthorize("hasAnyAuthority('info1')")
	@RequestMapping("/info1")
	public String userInfo1Api() {
		return "Hello , this is info1 api";
	}
	
	@PreAuthorize("hasAnyAuthority('info2')")
	@RequestMapping("/info2")
	public String userInfo2Api() {
		return "Hello , this is info2 api";
	}
	
	
	// --------------------------- 拥有某角色 同时 拥有某权限
	
	@PreAuthorize("hasRole('visitor') and hasAnyAuthority('info1')")
	@RequestMapping("/infouser2")
	public String userInfoUser2() {
		return "Hello , this is USER infouser2 api";
	}
	
	@PreAuthorize("hasRole('root') and hasAnyAuthority('info2')")
	@RequestMapping("/infoadmin2")
	public String userInfoAdmin2() {
		return "Hello , this is ADMIN infoadmin2 api";
	}
	
}
